Info

Disclosure

Dec 19, 2002

Discovery

Dec 19, 2002

Dates

Exploit

Unknown

Solution

Unknown

Description

A remote overflow exists in CUPS, which fails to check user-supplied input for printer attributes before being passed to the strncpy() function, resulting in a buffer overflow. With a specially crafted request, an attacker can cause stack corruption allowing them to crash the service or potentially execute arbitrary code.

Classification

Location: Remote/Network Access Required
Attack Type: Denial of Service, Input Manipulation
Impact: Loss of Integrity, Loss of Availability
Exploit: Exploit Unknown
Disclosure: OSVDB Verified

Solution

Upgrade to version 1.1.18 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Easy Software Products	CUPS	1.1.14-5
		1.1.14-15
		1.1.17

References

Security Tracker: 1005835
ISS X-Force ID: 10910
CVE ID: 2002-1369 (see also: NVD)
Bugtraq ID: 6438
Generic Informational URL: http://www.idefense.com/application/poi/display?id=30&type=vulnerabilities&flashs ......
RedHat RHSA: RHSA-2002:295

Credit

zen-parse -

Direct URL: http://osvdb.org/36218

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Easy Software Products

CUPS

References

Credit